Analysis Overview
SHA256
c7343df34a196ab643130de666b93ced7114b958d38381619aa63c3b427d920d
Threat Level: Known bad
The file Solara.zip was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Drops file in Windows directory
Command and Scripting Interpreter: PowerShell
Unsigned PE
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Creates scheduled task(s)
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 22:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-21 22:12
Reported
2024-05-21 22:16
Platform
win10v2004-20240426-en
Max time kernel
129s
Max time network
151s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\luajit.exe
"C:\Users\Admin\AppData\Local\Temp\luajit.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 22:12
Reported
2024-05-21 22:14
Platform
win7-20240221-en
Max time kernel
57s
Max time network
58s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ip-api.com | N/A | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\luajit.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1984 wrote to memory of 2384 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\cacls.exe |
| PID 1984 wrote to memory of 2384 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\cacls.exe |
| PID 1984 wrote to memory of 2384 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\cacls.exe |
| PID 1984 wrote to memory of 2728 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\luajit.exe |
| PID 1984 wrote to memory of 2728 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\luajit.exe |
| PID 1984 wrote to memory of 2728 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\luajit.exe |
| PID 1984 wrote to memory of 2728 | N/A | C:\Windows\system32\cmd.exe | C:\Users\Admin\AppData\Local\Temp\luajit.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
C:\Windows\system32\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
C:\Users\Admin\AppData\Local\Temp\luajit.exe
luajit.exe log
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
Files
memory/2728-4-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-3-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-2-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-1-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-0-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-6-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-12-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-11-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-10-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-9-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-8-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-7-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-5-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-43-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-59-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-41-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-55-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-57-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-88-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2728-87-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2728-86-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2728-85-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2728-84-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2728-83-0x0000000000210000-0x0000000000211000-memory.dmp
memory/2728-56-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-54-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-53-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-52-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-51-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-50-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-49-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-48-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-40-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-39-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-38-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-37-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-36-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-35-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-34-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-33-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-32-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-31-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-30-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-29-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-28-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-27-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-26-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-25-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-24-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-23-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-22-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-21-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-20-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-19-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-18-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-17-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-16-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-15-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-14-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-13-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-63-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-62-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-61-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-60-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-58-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-47-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-46-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-45-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-44-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
memory/2728-42-0x000000007EFA0000-0x000000007EFB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab21A8.tmp
| Hash | Value |
| --- | --- |
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2218.tmp
| Hash | Value |
| --- | --- |
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
memory/2728-381-0x0000000000210000-0x0000000000211000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 22:12
Reported
2024-05-21 22:16
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Roblox\Studio\Roblox.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ip-api.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1856 set thread context of 4560 | N/A | C:\Users\Admin\AppData\Roaming\Roblox\Studio\Roblox.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Setup\Scripts\ErrorHandler.cmd | C:\Users\Admin\AppData\Local\Temp\luajit.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608033060489741" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
C:\Windows\system32\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
C:\Users\Admin\AppData\Local\Temp\luajit.exe
luajit.exe log
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc daily /st 11:24 /f /tn WindowsSetup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Register-ScheduledTask -TaskName 'Um9ibG94Nzk4' -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\Roblox\Studio\Roblox.exe') -Trigger (New-ScheduledTaskTrigger -At (Get-Date).AddMinutes(1) -Once) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable) -Force"
C:\Windows\SysWOW64\rundll32.exe
rundll32 "C:\Users\Admin\AppData\Roaming\Lua\bin\lua.dll", init
C:\Windows\system32\rundll32.exe
rundll32 "C:\Users\Admin\AppData\Roaming\Lua\bin\lua.dll", init
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6ab4ab58,0x7ffc6ab4ab68,0x7ffc6ab4ab78
C:\Users\Admin\AppData\Roaming\Roblox\Studio\Roblox.exe
C:\Users\Admin\AppData\Roaming\Roblox\Studio\Roblox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1968,i,8663806780033039368,1445414516934675112,131072 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6ab4ab58,0x7ffc6ab4ab68,0x7ffc6ab4ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2320 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4956 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2256 --field-trial-handle=1980,i,12565394943065861320,18155839964988515705,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| RU | 80.66.81.137:80 | 80.66.81.137 | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.81.66.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| RU | 80.66.81.138:80 | 80.66.81.138 | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.81.66.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| RU | 147.45.47.64:11837 | N/A | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.47.45.147.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.146.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | img.youtube.com | udp |
| US | 8.8.8.8:53 | ludiquemendo.fun | udp |
| FR | 195.35.49.171:443 | ludiquemendo.fun | tcp |
| FR | 195.35.49.171:443 | ludiquemendo.fun | udp |
| US | 8.8.8.8:53 | robflashy.com | udp |
| LT | 84.32.84.32:443 | robflashy.com | tcp |
| LT | 84.32.84.32:443 | robflashy.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 171.49.35.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.84.32.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
| Submitted | 2024-05-21 22:12 |
| Reported | 2024-05-21 22:16 |
| Platform | win7-20240419-en |
| Max time kernel | 119s |
| Max time network | 120s |
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
Network
Files
Analysis: behavioral4
Detonation Overview
| Submitted | 2024-05-21 22:12 |
| Reported | 2024-05-21 22:16 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 139s |
| Max time network | 102s |
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4980 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4980 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4980 wrote to memory of 2932 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2932 -ip 2932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 604
Network
Files
Analysis: behavioral5
Detonation Overview
| Submitted | 2024-05-21 22:12 |
| Reported | 2024-05-21 22:16 |
| Platform | win7-20231129-en |
| Max time kernel | 117s |
| Max time network | 118s |
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\luajit.exe
"C:\Users\Admin\AppData\Local\Temp\luajit.exe"